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1  Introduction 

It  was  Strachey’s  imaginative  insight  to  identify 
common  phrase-types  such  as  identifiers,  left- 
and  right-expressions,  declarations,  and  com¬ 
mands,  and  to  realize  how  much  about  a  pro¬ 
gramming  language  could  be  understood  by  de¬ 
scribing  the  domains  of  “values”  which  these 
phrases  may  have  [39,20].  This  is  an  insight 
in  comparative  programming  linguistics;  Stra¬ 
chey’s  notions  resemble  those  of  natural  lan¬ 
guage,  and  they  can  be  understood  and  used 
in  the  same  intuitive  but  precise  way  we  recog¬ 
nize  nouns  and  verbs — a  good  thing,  since  under¬ 
standing  Strachey’s  “values”  with  mathematical 
rigor  involves  an  armamentarium  of  mathemat¬ 
ical  weapons  otherwise  unfamiliar  in  Computer 
Science. 

My  consistent  observation  is  that  among  even 
that  minority  of  programming  language  experts 
and  compiler  developers  who  make  use  cl  Stra¬ 
chey’s  insights,  few  have  a  technical  understand¬ 
ing  of  Scott’s  signal  contribution  of  a  mathe¬ 
matically  sound  foundation  for  denotational  se¬ 
mantics.  These  very  capable  people  typically 
have  the  good  judgment  to  let  their  minds  wan¬ 
der  when  subjected  to  lectures  about  directed 
limits,  continuous  functions,  retractions,  or  the 
Pu>  model  of  untyped  lambda  calculus.  This 
is  not  meant  as  a  criticism  of  the  relevance  of 
Scott’s  work.  An  analogy  I  heard  from  Scott 
himself  helps  explain  why  no  criticism  need  be  in¬ 
ferred:  electrical  engineers  arc  not  taught  how  to 
construct  complex  numbers  from  ordered  pairs 
of  downward  closed  sets  of  rational  numbers, 
whereas  mathematicians  typically  are  taught 
about  them  (Dedekind’s  cuts).  How  come?  Be¬ 
cause  there  is  a  robust  geometric  intuition  which 
can  be  conveyed  about  the  complex  plane,  and 
there  is  an  elegant  calculus  for,  and  axiomati- 
zation  of,  the  complex  field  which  gives  a  reli¬ 
able  way  to  verify  geometric  intuitions.  Mathe¬ 


maticians  with  foundational  concerns  may  study 
Dedekind’s  cuts  to  confirm  the  correctness  of  the 
logic,  but  engineers  can  skip  them. 

Lambda  calculus  and  lambda  reduction,  and 
general  reasoning  principles  like  least  fixed  point 
induction,  offer  similar  insulation  of  the  program 
engineer  from  the  foundational  concepts  of  do¬ 
main  theory.  One  can  prove  a  fair  amount  about 
program  semantics  using  the  kind  of  axiom  sys¬ 
tems  supported  by  LCF  [8,22]  without  mastering 
the  intricacies  of  information  systems  (Scott's 
version  of  “Dedekind”  cuts)  [32],  though  domain 
theory  is  far  from  providing  the  pragmatically 
powerful  and  technically  complete  logical  theory 
of  the  kind  we  have  for  the  complex  field. 

Oti  the  other  hand,  domain  theory  remains 
an  active  area,  as  researchers  continue  to  ex¬ 
plore  a  surprisingly  varied  crop  of  possibilities: 
Scott’s  original  continuous  lattice  domains  [31] 
gave  way  to  complete  partial  orders  (cpo’s)  with 
continuous  morphisms  [24,26];  more  significant, 
Scott’s  domains  did  not  support  the  kind  of 
“power-domain”  type  construction  desirable  for 
explaining  the  meaning  of  nondeterministic  pro¬ 
grams,  and  Plotkin  offered  the  richer  category 
of  SFP  domains  [24];  variant  SFP’s  have  been 
further  elaborated  into  profinite  domains  [11], 
2/3-SFP’s,  and  more.  Meanwhile,  it  appeared 
from  the  independent  solutions  of  Sazonov  [30] 
and  Plotkin  [25]  to  a  question  raised  by  Scott 
that  there  was  something  inherently  parallel  in 
domains  based  on  Scott’s  notion  of  continuity- 
more  about  this  below — and  the  stable  and  dl- 
domains  of  Berry,  et  al.  were  proposed  [2]  to  cap¬ 
ture  sequential  interpreters  (they  don’t  quite). 
Stable  domains  then  found  an  unexpected  inde¬ 
pendent  application  as  models  of  polymorphic 
types  in  Girard’s  qualitative  domains  [7].  Re¬ 
cently.  L-domains  have  been  offered  [12,40,41]  as 
an  improvement  on  dl  and  SFP  domains.  I'll 
sav  more  in  the  next  section  about  the  domains 
of  monotonic  functions;  they  are  pedagogically 
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much  simpler  and  serve  surprisingly  well  for  a 
widely  studied  case.  All  these  domains  based  on 
functions  on  cpo’s  seem  limited  in  their  ability  to 
model  block-structure  in  Algol  like  languages 
[13,42],  leading  Oles  [23],  and  me  and  Sieber 
[19]  to  obtain  improved,  but  still  imperfect  mod¬ 
els  using  functor-categories  on  cpo’s.  Other 
kinds  of  domains  whose  theory  has  a  more  alge¬ 
braic/categorical,  as  opposed  to  order-theoretic, 
flavor  are  presented  in  [6,9,10] 

Too  many  different  domains  of  course;  I  hope 
the  best  ones  will  emerge  in  time.  One  theme 
hinted  at  in  the  litany  above  is  that  each  of  these 
domains  was  developed  to  mode!  some  kind  of 
computation  or  computational  logic.  But  why 
are  there  so  many?  Doesn’t  Church’s  thesis  in¬ 
dicate  that  there  is  only  one  kind  of  computa¬ 
tion?  Alan  Perlis  calls  this  the  “Turing  tarpit”: 
some  of  the  most  crucial  distinctions  in  comput¬ 
ing  methodology,  such  as  sequent  ial  versus  par¬ 
allel,  determinate  versus  multivalued,  iterative 
versus  recursive,  local  versus  distributed,  call- 
by-name  versus  call- by- value,  get  mired  together 
if  all  you  see  in  computation  is  symbol-pushing. 
(Note  that  none  of  these  ^stinctions  correlates 
much  with  computational  complexity.  I’ve  al¬ 
ways  thought  “complexity  theory”  was  a  mis¬ 
nomer,  since  a  very  simple  computation  carried 
out  for  a  large  number  of  repetitions  is  desig¬ 
nated  as  complex,  while  a  sophisticated  fast  al¬ 
gorithm  with  elaborate  data  structures  is  not 
called  complex.  “Efficiency  theory”  would  be 
more  accurate.)  So  Computer  Scientists  clearly 
make  distinctions  ignored  in  elementary  Recur¬ 
sion  Theory  and  Complexity  Theory. 

My  speculation  is  that  the  proliferation  of  do¬ 
mains  may  be  reflecting  this  multiplicity  of  com¬ 
putational  distinctions.  For  example,  besides  the 
Plotkin/Sazonov  results  which  I  inierpret  as  con¬ 
necting  cpo’s  with  determinate  parallel  compu¬ 
tation.  the  paper  by  Bard  Bloom  in  the  1988 
LICS  symposium  suggests  that  continuous  lat¬ 


tices  best  model  computation  by  nondeterminis- 
tic  interpreters.  There  remains  a  lot  of  fuzziness 
in  these  ideas  of  “kinds”  of  computation  and  how 
they  are  modeled  by  different  domains.  I’m  not 
confident  that  these  speculations  can  be  precisely 
formulated,  let  alone  that  they  will  hold  up.  But 
I’ve  found,  and  hope  the  results  sketched  below 
will  persuade  at  least  a  few  readers,  that  pursu¬ 
ing  them  has  been  worthwhile. 

2  Some  “Good  Fit”  Criteria 

Denotational  semantics  allows  clean  mathemati¬ 
cal  concepts  like  partial  orders,  least  fixed  p'  'inG. 
continuity,  and  higher-order  functions,  to  be 
brought  to  bear  in  reasoning  about  programming 
languages.  But  the  relevance  of  the  mathemati¬ 
cal  facts  to  the  computational  situation  depends 
on  the  nature  of  the  fit  between  mathematical 
meaning  and  computational  behavior,  as  well  as 
the  reasonableness  of  both  the  domains  of  mean¬ 
ing  and  the  computational  systems.  Examining 
the  fit  provides  guidance  in  analyzing  and  de¬ 
signing  languages  and  their  semantics. 

Let  me  review  some  fundamental  fitness  and 
reasonableness  criteria: 

1.  Computational  adequacy,  a  term  means  3  iff 
it  evaluates  computationally  to  the  numeral 
for  3.  This  is  the  essential  connection  be¬ 
tween  computation  and  meaning.  Without 
il ,  semantics  is  not  much  use  in  explaining 
computational  behavior. 

2.  Full  abstraction:  two  terms  are  semantically 
equal  iff  they  denote  the  integer  3  in  exactly 
the  same  contexts. 

3.  Universality:  every  computable  value  of  any 
type  is  definable  by  a  term. 

4.  Structured  operational  semantics  (SOS)— in 
the  style  of  [27]:  having  one  is  a  “reasonable¬ 
ness”  criterion  for  a  symbolic  interpreter. 
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The  classic  study  connecting  these  criteria  is 
Plotkin’s  “LCF  Considered  as  a  Programming 
Language”  [25].  I've  found  it  well  worth  using 
as  the  basis  of  an  introductory  graduate  lecture 
course  in  semantics. 

There  is  a  purely  symbol-pushing  computa¬ 
tional  notion  that  programmers  appreciale  as 
fundamental:  two  pieces  of  program  are  “equiva¬ 
lent”  if  they  can  always  be'  interchanged  without 
affecting  the  visible  results  of  the  computation. 
More  precisely. 

Definition  1  Two  terms  M,  X  are  observation- 
ally  distinguishable  iff  there  is  a  context  C[-}  such 
that  C[M }  evaluates  to  the  numeral  3  and  C[iV] 
does  not,  or  vice  versa.  M  and  X  are  obsorva- 
tionally  congruent,  written  M=0i,,N ,  iff  they  are 
not  observationally  distinguishable. 

How  come  the  numeral  3  is  an  important  out¬ 
put?  Well  of  course  it  isn't:  if  you  prefer  7, 
then  the  context  C[-]  +  4  will  distinguish  M  and 
N  wrt  to  observing  7  whenever  C[  ]  does  the 
job  wrt  3.  In  particular,  the  relation  =o6a  re¬ 
mains  unchanged  whether  we  regard  3,  7,  or  any 
nonempty  subset  of  numerals  to  be  visible  re¬ 
sults.  For  the  simply  typed  lambda  calculus  we 
also  get  the  same  =0i,,  if  we  distinguish  terms 
solely  on  the  basis  of  whether  or  not  their  eval¬ 
uation  produces  a  numeral  at  all,  that  is  M  and 
N  are  observationally  distinguishable  iff  there  is 
a  closing  context  <?[•]  of  integer  type  such  that 
evaluation  of  exactly  one  of  C[M ]  and  C[iV]  ter¬ 
minates. 

So  optimizations  by  a  compiler  are  “correct” 
providing  the  compiler  replaces  program  texts 
by  observationally  congruent  texts.  This  im¬ 
plies  that  although  =  obs  is  invariant  over  many 
choices  of  what  observable  outcomes  of  computa¬ 
tion  are  taken  to  be,  we  don’t  expect  to  allow  ob¬ 
servers  with  clocks  who  can  time  computations, 
since  the  point  of  carrying  out  the  observation¬ 


preserving  optimization  was  to  speed  things  up. 

For  mainstream  Computer  Scientists  who 
think  operationally  and  require  a  pithy  explana¬ 
tion  of  how  denotational  semantics  helps  them 
with  their  own  concerns,  we  can  sav  that  seman¬ 
tics  provides  a  whole  new  set  of  ways  to  prove 
observational  congruences: 

If  a  semantics  is  adequate  (and  compo¬ 
sitional.  but  let's  not  be  picky),  then 
semantic  equality  implies  observational 
congruence. 

For  example,  try  proving  from  purely  opera¬ 
tional  definitions  that 

(Y  \xT.  j  )  =obs  ((I'  Xfint~*T .  f)  3). 

It  can  be  done,  but  the  proof  is  not  easy.  On 
the  other  hand,  it  follows  trivially  that  these 
terms  have  the  same  meaning  in  models  where 
Y  denotes  a  least  fixed  point  operator  since  the 
least  fixed  point  of  the  identity  function  is  the 
constant  _L  function.  Since  we  have  many  such 
models  which  are  adequate,  we  can  conclude  the 
terms  are  —  0j,. 

This  is  not  to  say  that  semantical  proofs 
are  shorter  or  simpler — after  all,  the  triv¬ 
ial  argument  above  rests  on  a  nontrivial  ad¬ 
equacy  proof—  but  they  certainly  have  an  at¬ 
tractive  flavor  of  their  own  compared  to  reason¬ 
ing  about  step-by-step  transformations  by  SECD 
machines. 

The  main  theorems  culminating  most  pa¬ 
pers  and  texts  on  semantics  are  just  adequacy 
theorems.  To  some  degree  this  achieves  the 
task  of  capturing  semantically  what  matters 
computationally  because  any  adequate  seman¬ 
tics  uniquely  determines  =„*,  without  having  to 
mention  the  evaluator:  M=obsN  iff 

VCf-j.  [C[M]J  *  ±int  iff  [C[A']J  ^  ±int  . 

So  it’s  nice  that  adequacy  is  cheap,  e.g.. 
Plot  kin  demonstrates  that  cont  inuous  lattice 


models,  cpo’s  with  extra,  infinite  integers  ^  T, 
as  well  as  Scott  cpo’s,  each  provide  an  ade¬ 
quate  computational  setup  for  the  simply  typed 
lambda  calculus  with  recursion  and  conditional 
combinators  and  call-by-name  evaluation.  In 
fact,  in  joint  work  with  D.  Velleman  of  Amherst 
College,  I  observe  that  even  the  category  of  cpo’s 
with  monotone — as  opposed  to  continuous — 
functions  is  adequate  for  the  simply  typed  cal¬ 
culus.  (The  proof  is  easy  using  Statinan’s  logical 
relations  [35,34]  to  relate  the  monotone  and  con¬ 
tinuous  cpo  categories.)  So  if  all  that  matters  is 
adequacy,  continuity  in  cpo's  can  be  ignored  in 
favor  of  the  pedagogically  simpler,  familiar  no¬ 
tion  of  monotonicity.  Moreover,  the  basic  prin¬ 
ciple  of  fixed  point  induction  on  admissible  pred¬ 
icates  is  sound  in  the  monotone  case.1  This  may 
explain  why  in  my  early  reading  about  semantics 
I  had  some  trouble  seeing  the  role  of  continuity. 

The  problem  is  that  even  though  adequate 
meanings  determine  congruence  in  a  mathemat¬ 
ical  sense,  and  equal  meanings  implies  congru¬ 
ence,  an  adequate  semantics  may  make  more  dis¬ 
tinctions  than  those  definable  by  contexts,  so  ob- 
servationally  congruent  terms  may  not  be  seman¬ 
tically  equal.  Full  abstraction  ensures  that  the 
only  semantical  distinctions  made  are  observa¬ 
tional  ones: 

A  semantics  is  fully  abstract  iff 

semantic  equality  coincides  with  =0bs- 

In  the  simply  typed  case,  the  significance  of 
continuity  only  begins  to  emerge  from  Plotkin’s 
result  that,  at  least  once  a  “parallel-conditional" 
is  added  to  the  simply  typed  calculus,  the  cpo’s 
with  continuous  functions  provide  a  fully  ab¬ 
stract  semantics.  Plotkin  observes  that  this  fails 
for  continuous  lattices,  which  explains  part  of  the 
reason  why  in  the  current  Computer  Science  lit¬ 
erature  lattices  have  been  largely  abandoned  in 
favor  of  cpo’s.  Finally,  he  shows  that  a  further 


extension  with  a  “continuous-existential”  combi- 
nator  yields  universality  for  continuous  cpo’s. 

Thinking  along  the  lines  in  the  Introduction, 
I  asked  whether  there  was  some  other  language 
extension  than  parallel-conditional  for  which 
continuous  lattices  are  fully  abstract.  Bloom 
makes  the  sophisticated  observation  in  this  LICS 
that  lattices  are  fully  abstract  when  certain 
computable  combinators  enrich  the  language  of 
terms;  but  he  then  proves  that  all  such  combina¬ 
tors  are  necessarily  unreasonable;  they  cannot  fit 
a  certain  kind  of  SOS  format  among  other  prob¬ 
lems.  Universality  necessarily  fails  for  lattices 
on  recursion  theoretic  grounds  unless  we  admit 
some  rather  odd  nondeterministic  evaluators. 

I  also  asked  whether  the  monotone  cpo  models 
were  fully  abstract,  and  Plotkin  first  came  up 
with  a  counter-example.  Velleman  went  on  to 
show  that  full  abstraction  fails  irreparably  for  the 
monotone  cpo  model — no  matter  what  language 
extensions  are  added  to  PCF  so  long  as  terms 
have  an  effective,  adequate  symbolic  evaluator. 

So  we  have  a  good  rationale  for  continuous 
reasoning  in  the  simply  typed  case.  But  doubts 
about  the  point  of  continuity  are  clarified  by  the 
observation  that  the  monotone  model  is  fully 
abstract  for  the  language  of  first-order  recur¬ 
sive  function  schemes  (with  parallel-or).  So  the 
use  of  continuous  functions  in  standard  refer¬ 
ences  which  consider  only  such  schemes,  e.g., 
[15,16,28],  is  a  red  herring — everything  works  un¬ 
der  the  simpler  monotone  interpretation.  There 
is  no  point  in  continuous  reasoning  without 
higher-order  (at  least  third-order)  types. 

I  keep  saying  “simply  typed”  for  good  reason. 
Another  key  purpose  of  continuity  is  to  justify 
the  rules  for  reasoning  about  recursive  types  and 
domain  equations.  For  example,  Abramsky  and 
Stoughton  have  recently  strengthened  an  earlier 
observation  of  Plotkin:  in  the  monotone  frame¬ 
work  there  is  no  model  of  the  untyped  lambda-/? 
calculus,  namely,  a  nontrivial  solution  of  the  re- 


traction  (D  — ►  D)  <]  D  does  not  exist  in  the 
category  of  epo’s  with  monotone  functions  as 
morphisms.2 

I  hope  to  spell  out  this  whole  neat  story  about 
monotonicity  in  a  joint  paper  with  Plotkin  and 
Velleman  sometime  soon. 

Another  story  along  these  lines  that  I  will  be 
telling  in  more  detail  elsewhere  [18],  concerns 
continuations.  I  still  don’t  understand  them,  but 
1  have  a  better  idea  why.  The  basic  theorems  in 
the  literature  about  continuations  are  all  congru¬ 
ence  theorems  which  are  the  recursively  typed 
versions  of  logical  relations,  e.g.,  [37,38,29],  The 
gist  of  these  results  is  that  a  term  means  3  in  “di¬ 
rect”  functional  semantics  iff  it  means  3  in  con¬ 
tinuation  semantics.  These  are  essentially  ade¬ 
quacy  results.  And  in  fact,  once  I  proposed  look¬ 
ing,  it  was  not  very  hard  to  find  examples  where 
full  abstraction  fails:  there  are  simple  functional 
terms  which  are  equal  in  direct  semantics  but  not 
in  continuation  semantics.  To  my  amazement, 
only  a  couple  of  experts  on  the  subject  seemed 
aware  of  this  phenomenon,  and  none  seemed  to 
appreciate  the  consequence:  reasoning  which  is 
sound  for  programs  under  direct  semantics  may 
be  unsound  for  the  same  programs  under  contin¬ 
uation  semantics.  I  wish  the  advocates  of  contin¬ 
uation  st j  le  had  vku.i.iicd  me  about,  tnis  piobiem 
and  would  offer  more  help  in  reasoning  about 
continuations  (and  don’t  call  my  attention  to 
[4,5],  which,  despite  a  titular  claim,  don’t  fill  the 
bill.) 

I  recommend  Stoughton’s  recent  monograph 
[36]  for  a  well-written,  thorough  examination  of 
full  abstraction,  as  well  as  a  balanced  discussion 
of  the  nature  of  the  somewhat  oversold  “solu¬ 
tion”  to  the  full  abstraction  problem  for  sequen¬ 
tial  PCF  offered  in  [22].  One  warning  though: 
Stoughton  follows  what  I  consider  the  unfortu¬ 
nate  terminology  of  [14]  and  calls  “full  abstrac¬ 
tion”  a  property  that  is  actually  equivalent  to 
what  I  call  adequacy  his  “contextual  full  ab¬ 


straction”  is  m  full  abstraction.3 

3  Observing  Termination 

Now  if  we  are  villing  to  observe  termination  at 
integer  or  othe-  printable- value  types,  why  not 
observe  termination  at  all  types?  For  that  mat¬ 
ter,  there  may  even  be  no  obvious  alternative  to 
observing  termination  everywhere  in  many  inter¬ 
esting  situations  of  “pure”  untyped,  recursively 
typed,  or  dependency  typed  calculi  where  there 
are  no  built-in  integer  types  with  numerals  to  ob¬ 
serve.  And  after  all,  even  if,  say,  a  LISP  expres¬ 
sion  evaluates  to  a  closure  rather  than  a  print¬ 
able  value,  the  fact,  that  we  get  a  prompt  at  the 
terminal  when  evaluation  completes  is  a  rather 
significant  observable  outcome — one  we  ought  to 
be  able  to  reason  about  semantically. 

So  we  arrive  at  the  final  fitness  criterion  I  want 
to  consider: 

5.  Complete  adequacy:  the  meaning  of  an  arbi¬ 
trary  term  is  bottom  (or  undefined)  iff  eval¬ 
uation  of  it  does  not  terminate. 

Plotkin,  in  a  series  of  unpublished  notes  over 
the  past  three  years,  has  established  complete 
adequacy  using  domains  of  bottomless  epo’s  and 
continuous  partial  functions  to  assign  meaning  to 
the  standard  recursively  typed  lambda  calculus 
with  a  standard  call-by-value  evaluation.  As  of 
our  last  discussion,  full  abstraction  and  univer¬ 
sality  remained  unexamined  for  this  setup.  This 
earlier  work  stimulated  my  own  questions  about 
complete  adequacy  for  Scott  domains. 

Now  it  is  a  folk  theorem — which  is  to  say 
that  Scott,  Gunter,  and  Abramsky  said  “of 
course”  when  I  mentioned  it,  but  I  know  of  no 
reference — that  on  general  principles  of  Scott  do¬ 
mains,  the  set  of  terms  in  the  recursively  typed 
lambda  calculus  which  are  not  identically  bot¬ 
tom  is  a  recursively  enumerable  collection  of 
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syntactic  objects.  Thus,  recursion  theoretically 
speaking,  there  is  some  effective  “evaluator”  of 
recursively  typed  terms  for  which  Scott  domains 
are  completely  adequate. 

The  problem  is  that  this  evaluator  is  weird. 
Standard  interpreters,  whether  for  call-by-name 
or  call- by- value  style  semantics,  stop  at  formal 
abstractions.  For  example,  let  M  be  a  closed 
term  whose  evaluation  diverges.  It  should  be 
a  familiar  fact  that  “hiding”  M  under  a  A  as 
in  A x.Mx  yields  a  term  which  terminates  im¬ 
mediately  at  itself.  Of  course,  A  x.Mx  is  se¬ 
mantically  equal  to  A/,  and  indeed  is  observa- 
tionally  congruent  to  M  (under  call-by-name)  if 
the  only  “printable  values”  or  “computational 
observables”  are  numerals  (or  termination  at 
ground  type — note  that  A/  above  has  functional 
type  since  it  applies  to  x).  So  if  we  allow  ter¬ 
mination  behavior  of  the  standard  interpreters 
to  be  observable  for  terms  of  all  types,  then  fa¬ 
miliar  reasoning  like  the  (q)-axiom  at  functional 
types  is  unsound,  and  all  the  models  in  which 
it  is  sound  are  computationally  inadequate!  So 
complete  adequacy  certainly  fails  for  the  setup  of 
Scott  domains  and  simply  typed  lambda  calculus 
using  the  familiar  evaluators. 

There  is  a  solid  clue  in  Wadsworth’s  classic 
study  [43]  of  the  pure  lambda  calculus  of  how  a 
“reasonable '  interpreter  should  work  to  be  com¬ 
pletely  adequate  for  Scott  domains.  Wadsworth 
shows  that  an  interpreter  which  stops  reducing 
precisely  at  head-normal  forms  is  fully  abstract 
for  pure  untyped  A/?-calculus.  So  if  Cosmadakis 
and  I  could  figure  out  how  to  generalize  head- 
normal  forms  to  the  recursively  typed  lambda 
calculus,  we  might  be  able  to  exhibit  reasonable, 
though  nonstandard,  interpreters  for  this  calcu¬ 
lus  such  that  Scott  domains  are  completely  ad¬ 
equate  and  fully  abstract.  But  so  far  we  can’t 
find  an  interpreter  which  has  some  kind  of  SOS 
that  does  the  job. 

So  in  Appendix  A  we  work  out  the  general¬ 


ization  of  Plotkin’s  LCF  study  to  the  recursively 
typed  lambda  calculus.  We  do  this  by  defining 
a  very  general  class  of  observed  types  which  in¬ 
cludes  the  recursively  definable  versions  of  such 
printable  values  as  integers,  booleans,  and  lists 
and  streams  over  observable  atoms.  Sticking 
with  termination  at  observed  type  as  the  ob¬ 
servation  used  to  define  =  0j4,  we  exhibit  an  in¬ 
terpreter  which  looks  intuitively  reasonable,  and 
then  we  prove  complete  adequacy,  full  abstrac¬ 
tion,  and  universality.  But  the  reader  should 
look  at  the  reduction  rules  and  judge  for  him¬ 
self  whether  he  likes  them,  since  we  don’t  know 
exactly  what  makes  an  SOS  discipline  reasonable 
( cf .  [3]  and  Bloom’s  LICS  ’88  paper  for  some  SOS 
metatheory).  In  particular,  our  interpreter  uses 
some  deterministic  context-free  pattern  match¬ 
ing  to  control  applicability  of  reduction  rules, 
and  we’re  not  sure  whether  this  control  mech¬ 
anism  might  be  too  powerful — enough  to  stick 
us  in  the  Turing  tarpit  again. 

An  odd  behavior  of  our  interpreter  arises  from 
the  fact  that  it  has  been  optimized  to  stop  as 
soon  as  it  can,  once  a  term  is  discovered  to  be  of 
a  canonically  nonbottom  form.  In  particular,  the 
interpreter  may  stop  on  an  integer  term  denoting 
0  before  evaluating  to  the  numeral  0  if  it  discov¬ 
ers  earlier  that  the  term  is  nonbottom.  This  is 
probably  reparable. 

A  criticism  of  our  interpreter  which  would 
not  be  fair  is  that  on  terms  which  mean  the 
pair  (3,3),  it  does  not  terminate  with  a  stan¬ 
dard  printable  representation  of  (3,3).  This  is 
irreparable  on  recursion-theoretic  grounds:  an 
evaluator  that  is  required  to  print  (3,3)  would 
in  general  have  to  diverge  on  terms  which  meant 
(3,-L).  so  that  ±  and  divergence  could  no  longer 
match  at  type  int  x  int. 

The  hard  part  of  designing  an  evaluator  for 
which  Scott  domains  are  completely  adequate 
involves  sum  types.  In  Appendix  B  we  exhibit 
another  interpreter  for  which  Scott  domains  are 


completely  adequate  at  all  recursive  types  not 
involving  sums. 

The  theorems  we  have  obtained,  though  in 
several  respects  only  partial  results,  are  not  easy. 
There  is  a  long  way  to  go  if  we  take  these  fit¬ 
ness  criteria  seriously  and  ask  about  the  many 
other  kinds  of  domains.  These  criteria  also  make 
sense  for  languages  with  richer  types  support¬ 
ing  power-domains  and  polymorphism.  Work  on 
these  has  not  even  begun. 
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4  Notes 

1.  But  different  syntactic  criteria  for  detect¬ 
ing  admissible  formulas  are  required  in  the 
monotone  and  continuous  cases,  e.g.,  the 
predicate  of  x 

(xXz.z)  C  1 

is  admissible  in  the  continuous  model,  but 
not  in  the  monotone  model.  The  formal 
system  LCF,  which  recognizes  as  admissible 
any  predicate  of  the  form  M  C  A,  conse¬ 
quently  allows  proofs  bv  fixed  point  induc¬ 
tion  of  equations  which  hold  in  the  continu¬ 
ous.  but  not  in  the  monotone  model.  Dana 
Scott  pointed  this  out  to  me.  correcting  an 
earlier  remark  to  the  contrary  in  the  1988 
LICS  proceedings  version  of  this  paper. 

2.  However,  Abramsky  has  pointed  out  to  me 
that,  contrary  to  a  remark  in  the  earlier  ver¬ 
sion  of  this  paper  in  the  19X8  LICS  Proceed¬ 


ings,  D  and  D  —  1)  may  have  the  same  car 
dinality  in  the  monotone  frame— letting  I) 
be  the  real  numbers  is  an  example. 

•i.  My  cryptic,  provocative  remarks  here  have 
already  succeeded  in  stimulating  a  useful 
discussion  among  the  research  protagonists. 
rf.  [17],  which  has  led  me  to  moderate  my 
views  a  bit.  Among  other  things,  we  are 
trying  to  reach  agreement  on  common  ter¬ 
minology  for  concepts  like  contextual  and 
full  abstraction. 

A  Adequacy  at  Observed 
Types 

A.l  Syntax  of  Types 

Lei  t  stand  for  a  type  variable,  r  for  a  type  ex¬ 
pression,  and  rr  for  an  observed  type: 

r  ::=  t  \  t  t  \  t  x  r  \  t  tri  r  \  r±  \  fit. r 

rr  ::=  t  |  rr  x  rr  |  o  ^  o  |  r±  |  / it. a 

Definition  2  .1  type  is  a  closed  type  expression. 

Comments: 

The  symbol  x  denotes  Cartesian  (separated) 
product;  we  cannot  handle  strict  (coalesced) 
product  (0)  for  reasons  explained  at  the  end  of 
this  appendix. 

Function  types  are  not  observed. 

Fhe  "lifted"  type  is  observed  for  any  type 

T. 

The  symbol  T  denotes  coalesced  (smash  )  sum. 

Separated  sum  (  +  )  can  be  treated  as  "syn¬ 
tactic  sugar"  since  it  is  definable  by  rj  +  t, 

(D  )i  T  (7-2)1. 

We  don't  have  any  purely  semantical  charac¬ 
terization  of  what  makes  a  type  observed. 
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Examples  of  types: 


triv 

:=  pt.t 

1 

:=  triv  ^ 

bool 

:=  1  ©  1 

int 

:=  pt.l  ©  t 

untyp  : 

:=  pt.l®(t 

Comment:  The  type  untyp  is  a  model  for  the 
untyped  A/3-calculus. 

A. 2  Terms  and  Typing  Rules 

Let  M  and  N  stand  for  terms,  C  for  a  canonical 
term,  and  D  for  a  noncanonical  term. 


allows  branching  on  whether  a  term,  M i,  of  ob¬ 
served  sum  type  is  in  the  left  or  right  side  of 
the  sum,  returning  the  gib  of  its  remaining  argu¬ 
ments,  A/2  and  A/3,  if  A/i  is  bottom. 

The  constructor  up?  tests  whether  Al\  of  lifted 
type  is  nonbottom,  and  if  so  returns  its  second 


argument;  otherwise 

it  returns  bottom. 

Some  Constants: 

y(T->r)-,T  .._ 

\fT-'T.A{ftt~~T)-'Tabs(Af) 

where  A  <  ::= 

\xtit-t~'T .f{rcp(x)  x). 

::= 

y(T- t)-t(Axt.x), 

a1  ::= 

hft(ntrn‘), 

n,boo‘ 

inL(a ), 

ffbool  . .  — 

inR(a), 

Qint 

abs(inL(a)1®int), 

(4-1  ).nt— * ::  = 

Xx'ni  ,ubs(  inR(x)1~'nt). 

Canonical  Terms: 

AxT‘  .A/ 7-2 
(MT'-*^NT  ■) 
pair(Mn ,  NTi) 

snd(MT'*T*) 
inI(Mr‘) 
outL(MT'®T*) 
inR(MT>) 
outR(MT'®T*) 
eondlr  A/*1®*2  A/2r  A/3T 
lift(MT) 
drop(  MT± ) 
up?  A/<ri)j-  Nri 
abs{M^tT/t^T) 
rep(M»tT) 


T 

Ti  —  r2 
r2 

r,  x  r2 
T\ 

T2 

T\  ©  r2 
T\ 

T\  ®  r2 
T2 

T 

T± 

T 

T2 

pt.T 

[pf.r//]r 


C  pair(C,M )  |  pair(M,C)  |  inL(C)  | 

inR(C)  |  lift(M)  |  abs(C) 

Definition  3  Let  p±  be  the  valuation  of  vari¬ 
ables  (i.e.,  environment)  that  assigns  J.  of  ap¬ 
propriate  type  to  each  variable. 

Comments: 

For  A/  an  arbitrary  term,  [Af]p  ^  X  for  every 
valuation  p  iff  [A/Jpx  /  -L. 

For  C  a  canonical  term,  [C]px  _L. 

A. 3  Operational  Rules 

A  “reduces  in  one  step”  relation,  — *•  on  terms  is 
defined  inductively  by  the  rules  below.  Let  = 
denote  syntactic  identity  of  terms. 


Comments: 

The  parallel  case  statement  constructor,  eondlr. 


n 


(Xx.M)M  —  [N/x]M 

( condlr  M  N\  N2 )  A/3  — *  condlr  M  ( A^  A3)  (A^A^) 

A/  — >  A/',  Af  ^  (A  -  •  •),  A/  ^  condlr(  •  •  •) 

A/iV  —  Ai'TV 

M  ->  A/7,  A^  —  AT' 
pair(M,  N)  — *■  pair(M' ,  N ') 

fsl(pair(M,N))  —*  M 

snd(pair(M ,  N))  -*  N 

fst(condlr  M  N\  N 2)  — »  condlr  M  fst( N-, )  fst( N2) 
snd(condlr  M  N\  N2)  — *  condlr  M  snd(N\)  snd(Ni) 

M  — »  A/7,  M  ^  pair(- •  •),  M  ^  condh  (•  •  •) 
fst(M)  — *  fst(M'),  snd(M)  — ♦  snd(M') 

_ Af  -<•  AT _ 

inL(M)  —*  inL(M '),  inR(M)  — +  inR(M') 

outL(inL(M))  — ►  Af 

outR(inR(M))  — ►  A/ 

outL(condlr  M  N\  N2)  —*  condlr  M  outL(Ni)  outL(N2) 

outR(condlr  AT  N\  N2 )  — *  condlr  M  outR(N\)  outR(N2 ) 

M  — ►  M',  M  ^  m£(.  ■■),  M  £  condlr (•  ■  ■) 
outL(M )  -  outL(M') 

M  ->  M',  inR{ ■  ■■),  M  £  condlr{ ■  ■  •) 
outR(M)  ->  outR(M') 

drop(lift(M))  — *  A/ 

drop(condlr  M  N2)  — ►  condlr  M  drop(h\)  drop(N2 ) 

M  -*  M',  M  $  lift( ■  •  •),  Af  ^  concf/r(-  •  •) 
drop(M)  — ♦  drop(M') 

upl  lift(M)  N  —  JV 

A/  ^  /;/((•  ■  •),  M  — >  M' 
up ?  M  N  -*  upl  M'  N 

M  -  AT 

abs(M)  — +  abs(M') 
rep(nbs{M))  — >  M 
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rep(condlr  M  N i  N2 )  — ►  condlr  M  rep(Ni)  iep(N2) 

M  — >  M',  M  £  abs( •••),  A/  ^  condlr{ •■•) 
rep{M)  — *■  rep(M') 


condlr  inL(C)  N\  N2 
condlr  inR(C)  N\  N2 
condlr  D  pair(M ,  N)  puir{M\  N1) 
condlr  D  inL(M)  inL(N) 
condlr  D  inR(M)  inR(N) 
condlr  D  lift(M)  lift(N) 
condlr  D  abs(M)  abs(N) 


N\ 

N2 

pair(condlr  D  M  M1,  condlr  D  N  N1) 

inL(condlr  D  M  N) 

inR(condlr  D  M  N) 

lift(condlr  D  M  N) 

abs(condlr  D  M  N) 


(if  no  condlr  rule  above  applies) 

M,  — »  M-  for  i  6  /  ^  0,  and  M}  s  M\  is  canonical  for  j  g  {1,2,3}  —  / 
condlr  Mi  M2  Mz  — ♦  condlr  M2 


(if  no  rule  above  applies  to  D) 

D  ->  D 

Lemma  1  A  term  M  is  canonical  iff  there  is  no  term  M'  such  that  M  -*  M' .  The  relation  — ►  is 
a  partial  computable  function  on  terms,  whose  domain  is  thus  the  noncanonical  terms. 

Definition  4  Let  Eval(M)  be  the  necessarily  unique  term  C ,  if  any,  such  that  M  — ►*  C. 


Comments: 

Eval  is  a  partial  computable  function  on  terms  whose  range  is  the  set  of  canonical  terms. 

If  M  — *  N,  then  [M]  =  [iVJ.  Hence,  [Eval(M)\  =  [Af],  and  [Afjpx  /  -L  whenever  Eval(M)  is 
defined. 


A. 4  The  Adequacy  Theorem 

Inclusive  Predicate  Specification 

Let  [r]  be  the  semantic  domain  (epo)  corresponding  to  type  r,  and  let  Ar  be  the  set  of  (possibly 
open)  terms  of  type  r. 


Definition  5  Let  be  a  binary  relation  relation  between  canonical  terms,  defined  (by  structural 
induction)  as  follows: 
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pair(C,  D)  pair((" ,D') 

iff 

C  f  "  and  i  itln  r  D  = 

/>'  or  D  —>  l)' 

pair(D,C)  pair(D‘ ,C") 

iff 

f '  C;  und  either  D  = 

o 

l 

pair(Ci,C2 )  pairfC,',^) 

iff 

Ci  —  c;,c^  c' 

inL(C)  inL(C') 

iff 

C  —  C' 

inR(C )  inR(C') 

iff 

c^c 

abs(C)  abs(C') 

iff 

C  —  C' 

lift(M) 

'V/* 

hft(M) 

Definition  6  Let  the  set  of  fully  canonical  terms  be  defined  as  follows: 

F  ::=  pair{  F,  M )  \  pair(M.F )  |  pair(F,F)  \  inL(F)  \  inR(F)  \  lift(N)  \  abs(F) 
where  \M\p±_  =  _L. 

Observe  that  every  fully  canonical  term  is  canonical. 

Inclusive  binary  predicates  ~T  on  [r]  x  Ar  will  be  defined  below  to  satisfy  the  properties  (A). 
(B)  below.  We  first  define  auxiliary  binary  predicates  n T. 

Definition  7  Let  UT  be  a  binary  predicate  on  |r]  x  Ar  defined  to  be  identically  true  for  types  r 
that  are  not  observed,  and 

cliff M  iff  c  C  \M\p±  a"d  (c  ^  ±ff  implies  3 F.  Eval(M)^*“  F). 

Property  (A)  (of  a  relation  ~r): 

c  ~T  M  only  if  c!lrA/.  If  cHTM ,  then 


C  ~r,-.T5  A/ 

iff 

e  ~Tl  A  implies  c(e)  M N 

C  ~n  x-rj  A/ 

iff 

fst(c)  ~n  fst(M)  and  snd(c)  snd(M) 

C  ~r,®^  A/ 

iff 

outL(c)  ~n  outL(M)  and  outR(c)  outR(M) 

c  ~ri  Af 

iff 

drop(c)  ~r  drop(M) 

C  A/ 

iff 

rep(c)  rep(M)  . 

Now  to  define  Property  (B),  call  a  pair  (u,U)  ok ,  where  u  is  a  function  between  domains  and  U 
is  a  function  between  correspondingly  typed  terms,  if  u  and  V  are  related  in  one  of  the  following 
ways: 

u  =  A d  E  — *  r2 J.  d(e)  and  V  —  A.Vf  1-,T2.  M N  for  some  e  ~T]  N ,  or 

u  =  Ad  E  [t,  x  r2].  fst(d)  and  U  =  XMT' XTF  fst(M),  or 

u  =  Ad  6  [n  X  r2j.  snd(el)  and  U  =  AA/r'xr2.  snd(M),  or 

u  =  Adejr,  er2j.  outL(d)  and  U  =  AA/T]®T2.  ovfL(M),  or 

u  =  Ad  E  [r,  ©  r2j.  ouiR(d)  and  V  =  \MT'®TF  ovtR(M)  or 

u  —  Ad  E  [rj.  drop(d)  and  U  =  A MT±.  drop{M)  or 

u  =  Xd  E  [pt.r].  rep(d)  and  U  =  AA/M<  T.  rep(  M). 
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A  sequence  .,(um,Um)  is  ok  if  each  pair  is  ok,  and  Ui  o  ui+1  is  type-correct  for  i  <  m. 

Now  property  (D)  is  that: 


if  (u1(  --um(c)  --)  for  all  m  >  0  and  ok  sequences 

(ui,Ui),...,{um,Um),  then  c  ~r  M . 

Summary  of  Proof:  Using  properties  (A),  (B),  show  by  induction  on  the  structure  of  M : 

Lemma  2  Let  x\  :  Tx,...,xk  :  r k  for  some  k  >  0  be  the  free  variables  of  MT .  If  e,  ~Tl  Ar,  for 
1  <  i  <  k,  then  [Mj(p[x<  :=  e,])  ~r  [ Ni/xi]M . 

From  property  (B)  of  ~r  it  follows  that  _Lr  ~T  Af,  for  every  M .  Thus,  applying  Lemma  2  with 
e,  =  ±T, ,  N,  =  x,,  we  obtain 

Corollary  1  [A/rlpx  AfT. 

Theorem  1  (Adequacy)  For  alt  observed  types  cr,  Eval(M°)  is  defined  iff\M\p±  ^  ±<r. 

A. 5  Construction  of  the  Inclusive  Predicates 

Let  r  be  a  type  expression  with  free  type  variables  Interpret  r  as  a  function  JrJ  of  k 

arguments  from  cpo’s  to  cpo’s;  if  r  is  closed,  i.e.,  a  type,  then  interpret  [r]  to  be  a  cpo  as  usual. 

We  will  define  a  function  P(t)  of  k  arguments,  where  the  itk  argument  is  a  binary  predicate  p, 
on  [r,J  x  At,,  and  P(r)(pi , . . .  ,pk)  is  a  binary  predicate  on  (M(lriJ, . . . ,  |r/t]))  x  -^[n/tdr- 

The  definition  is  by  induction  on  the  structure  of  r.  We  write  p  as  an  abbreviation  of  pi, . . .  ,pk\ 
also,  we  abbreviate  II{T|/t|]T  as  IIT.  Now  dP(r)(p)M  only  if  dHrM-  If  dIITM,  then 

d  P(tx  — *•  r2)(p)  M  iff  e  P(rj,)(p)  N  implies  d(e)  P(t2)( p)  MN 
d  P{tx  x  r2)(p)  M  iff  fst(d)P(Ti)(p)fsi(M)  and  snd{d)P{r2)(p)snd{M) 
d  P(ti  0  r2)(p)  M  iff  outL(d)P(Ti)(p)outL(M)  and  07itR(d)P(r2){ p)  outR(M) 
d  P(rx)(p)  M  iff  drop(d)  P(t)( p)  drop{M) 
d  P(f,)(p)  M  iff  dpi  M  . 

To  complete  the  inductive  definition  of  P(r),  we  have  to  describe  the  remaining  case  pt.r.  Let 
the  free  variables  of  r  be  t,ti,...,tk-  We  will  use  the  following  notation: 

[pt.r]  =  Un>o[rln’  ( cf :  [26,33,21])  where  [rJ0(A,, . . . ,  A*)  =  ±,  and 
[T]n+l(Ai,...,Ak)  =  [r]([r]n(A,,...,A*),  Au...,Ak). 


Also,  for  d  €  [/it.r](Ai,.  ..,Ak),  let  (Mn(Ai , . . . ,  Ak)  |  d)  be  the  projection  of  d  on 
[r]n(Ai,...,Afc). 
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We  will  now  describe  the  case  pt.r  of  the  inductive  definition  of  P(r). 

d  P(pt.r)( p)  M  iff  ([rjn([rij, . . .  j  d)  P(pt.r)n( p)  M,  for  all  n  >  0, 

where  the  predicates  P(pt.r)n  are  defined  (by  induction  on  n)  as  follows: 
d0  P(pt.r) 0(p)  M  iff  d0 

dn+i  P(fit.T)n+i( p)  M  iff  dn+i  U^t  rM  and  dn+ 1  F(r)(P(/it.r)„(p), p)  rep(M). 

Lemma  3  Ifpi,---,Pk  satisfy  (A),  (B),  then  P(T)(pi - ,pk)  satisfies  (A),  (B). 

Theorem  2  (Inclusive  Predicate  Existence)  For  every  type  r,  P{t)  satisfies  (A),  (B). 

A.  6  Full  Abstraction  and  Universality 

Lemma  4  For  every  type  r,  every  finite  (i.e.,  isolated )  clement  in  [rj  equals  [Jlfjpj.  for  some 
closed  term  MT . 

Corollary  2  Suppose  [A/o]p  ^  | A/ 1 Jp,  for  some  valuation  p.  Then  there  is  a  context  C[-]  such 
that  C'[Mq]  and  C[M i]  are  closed  terms  of  observed  type,  and  exactly  one  of  and  [C[A/2]] 

equals  X. 

Theorem  3  (Full  Abstraction)  Semantic  equality  of  terms  coincides  with  observational  congru¬ 
ence. 

Theorem  4  (Universality)  Augment  the  language  by  adding  3(tnt-'b°°l)->b°°l  ( the  continuous  ver¬ 
sion  of  the  existential  quantifier).  If  6  £  [r]  is  the  lub  of  a  recursively  enumerable  sequence  of  finite 
elements,  then  there  is  a  closed  term  MT  such  that  [MJ  =  6. 

The  proofs  of  full  abstraction  and  universality  are  simple  extensions  of  Plotkin’s  [25]. 

Comment:  We  cannot  have  strict  pairing  in  the  Adequacy  Theorem  1  without  committing  our¬ 
selves  to  observing  nonbottomness  at  all  types:  a  term  MT,  where  r  is  arbitrary,  is  nonbottom  iff 
the  term  stfst(stpair(a* ,  MT))  of  (observed)  type  1  is  nonbottom. 

B  Complete  Adequacy  without  Sums 

B. l  Syntax  of  Types 

Let  t  stand  for  a  type  variable,  r  a  type  expression,  and  v  for  a  nontrivial  type  expression: 

t  /|r— *r|rxr|r®r|rx|  pt.r 

v  Ti  I  t  — *  //  |  //  x  r  |  t  x  v  |  v  0  v  [  pi.u 

Comment:  Strict  pairing  (®)  has  been  included  this  time. 

Example:  The  type  triv  =  pt.t  is  not  nontrivial. 


Lemma  5  An  arbitrary  type,  r,  is  nontrivial  iff  M*U}. 

B.2  Terms  and  Typing  Rules 

The  rules  are  as  in  Section  A. 2,  with  the  omission  of  typing  rules  for  ®,  and  the  addition  of: 
stpair(MTl ,  N72)  :  Ti®^.  stfst(MTl®73 )  :  rj,  stsnd(MT'®72)  :  ri- 

Canonical  Terms: 

V  ::=  a:  |  VMT  |  fst(V)  \  snd(V)  j  stfst(V)  |  stsnd(V)  |  drop(V)  \  rep(V) 

C  ::=  Vv  |  Xx.C  |  pair(C,M)  |  pair(M,C)  j  stpair(C,C)  |  stfst(stpair(C ,  C))  ) 
stsnd(stpair(C,C))  \  lift(M)  |  abs(C) 

where  Vv  must  be  of  nontrivial  type. 

Comment:  If  C  is  canonical,  then  [ C\p  ^  .1,  for  some  valuation  p. 

B.3  Operational  Rules 

M  -h.  M' 

Xx.M  —  Xx.M' 

(Xx.M)N  —  [N/x]M 

stfst(stpair(Mi,Mi))N  — ►  stfst(stpair(MiN ,  Af2)) 
stsnd(stpair(Mi,Mi))N  — >  stsnd(stpair(M\,  M2N)) 

M  -+  M',  M  £  X(-  •  •),  Af  ^  stfst(stpair  ■  •  •),  M  stsnd(stpair  ■  •  •) 

MN  -»  M'N 

M  -»  M',  N  -*  N' 
pair(M,N)  -*■  pair(M',N') 

fst(pair(M,N))  -*  M 
snd(pair(M,N))  — ►  N 

fst(stfst(stpair(M,N)))  — *  stfst(stpair(fst(M),  N)) 
snd(stfst(stpair(M,N )))  — >  stfst(stpair(snd(M),  N)) 
fst(stsnd(stpair(M,N)))  — ►  stsnd(stpair(M,fst(N))) 
snd(stsnd(st]mir(M,  N)))  — ►  stsnd(stpair(M,snd(N))) 

M  — ►  Af\  A/  ^  pair(---),  M  ^  stfst(stpair  •  •  •),  M  stsnd(stpair  ■  •  •) 
fst(M)  -  fst(M'),  snd(M)  —  anrf(M') 

M  M’,  N  -*  N' 
stpair(M,  N)  — *  stpair(M',  N') 
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_ Af  M' _ 

stpair(M,C)  — *•  stpair(M\C ),  stpair(C,M)  —  stpair(C,  Af') 

stfst(stfst(stpair(M ,  N )))  — *  stfst(stpair(stfst(M),  N)) 

stsnd(stfst(stpair(M,  N)))  —*  stfst(stpair(stsnd(M),  N )) 

stfst(stsnd(stpair(AI,  N)))  — « ■  stsnd(st]Mir(AI,stfst(N))) 

stsnd(stsnd(stpair(M,N)))  — > ■  stsnd(stpair(  M ,  stsnd(N ))) 

A/  — ►  A/',  A/  ^  stfst{stpair  •  ■  •),  A /  ^  stsnd(stpair  ■  ■  ■) 
stfst(M)  — ►  stfst(M'),  stsnd(M)  — *  stsnd(M') 

drop(lift(M))  — *  Af 

drop(stfst(stpair(Af,N)))  —  stfst(stpair(drop(AI),  N)) 
drop{stsnd(stpair(Al,N )))  — ►  stsnd(stpair{M,drop(N))) 

Af  — >  A/7,  A/  ^  lift(---),  A 1  stfst(stpair  ■  ■  •),  A/  ^  stsnd(stpair  ■  ■  ■) 

drop(Af)  — ►  drop(Af') 

up ?  fi/i((Af)  TV  — ►  TV 

A /  ->  Af',  Af  ^  /#(•••) 
up?  A/  TV  -  up?  A/'  TV 

Af  ->  A/' 

abs(AI)  — <•  abs(AI') 
rep(abs(M))  — *  Af 

rep(stfst(stpair(Af,N)))  — >  stfst(stpair(rep(AI),  N)) 
rep(stsnd(stpair(M,  N)))  — ►  stsnd(stpair(Af,rep(N))) 

Af  — >  A/',  A/  ^  a6s(-  •  •),  Af  stfstjstpair  ■  •  •),  Af  ^  stsnd(stpair  ■  •  •) 

rcp(M)  — »  rcp(M') 

(if  no  rule  above  applies  (o  A/  and  A/  not  canonical) 

Af  -  Af 

Definition  8  Eval(M)  as  in  Appendix  A. 
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B.4  The  Complete  Adequacy  Theo¬ 
rem 

For  every  valuation  p,  define  binary  predicates 
ri£  on  [r]  x  At  by  the  rule  c\[pTM  iff 

c  C  [M]  p  and 

(c  ^  ±T  implies  Eval(M)  is  defined). 

As  in  Appendix  A,  the  binary  predicates 
on  [r]  x  At  satisfy  corresponding  properties  (A), 
(B)  expressed  in  terms  of  the  predicates  II£). 

Using  properties  (A),  (B)  of  the  predicates  ~£, 
we  show  by  induction  on  the  structure  of  M: 

Lemma  6  For  variables  Xi  :  T\,...,Xk  :  r*, 
where  k  >  0,  if  e{  A,  for  1  <  i  <  k,  then 

lMr](p[xt:=el})~>[N,/xt}M. 

Corollary  3  \M\p  ~ PT  M  for  all  MT,  p. 

Theorem  5  (Complete  Adequacy)  Eial(M)  is 
defined  iff  3 p.  [M\p  jt  ±. 

Remark:  For  any  term  M,  the  meaning  of 
the  lambda  closure  of  M  is  nonbottom  iff  the 
meaning  of  M  is  nonbottom  in  some  valuation. 

The  construction  of  the  inclusive  predicates 
~t  is  as  in  Appendix  A,  simply  replacing  nr  by 

n?. 

B.5  Discussion 

Observe  that,  without  sum  types,  every  pair 
of  values  is  consistent  (i.e.,  they  have  a  com¬ 
mon  upper  bound),  and  consequently  all  defin¬ 
able  types  happen  to  be  lattices  even  under  the 
cpo  interpretation.  This  is  crucial  for  our  com¬ 
plete  adequacy  theorem.  The  presence  of  incon¬ 
sistent  pairs  in  the  semantic  domains  together 
with  a  strict  pairing  operator  complicates  the 
problem  of  observing  nonbottomness  at  function 
types.  For  example,  in  the  cpo  semantics,  the 


term  A x.stpair{outL(xM),  outR(xN))  is  nonbot¬ 
tom  iff  there  is  a  valuation  p  such  that  [A/]p  and 
[Ajp  are  inconsistent. 

The  sum  type-constructor  over  cpo's  intro¬ 
duces  types  with  inconsistent  elements;  more¬ 
over,  even  in  the  absence  of  strict  pairs,  sum 
types  involve  similar  connections  between  non¬ 
bottomness  and  inconsistency.  We  conjecture 
that  our  complete  adequacy  result  can  be  ex¬ 
tended  to  the  language  with  sum  types  with  a 
parallel  conditional,  if  our  semantic  domains  are 
lattices.  We’re  still  wondc  i.ng  about  sums  in  the 
cpo  case. 

Since  we  do  not  have  a  conditional  in  the  lan¬ 
guage  of  this  appendix,  the  isolated  elements  are 
not  all  definable  and  we  cannot  prove  full  ab¬ 
straction  following  Plotkin.  However,  different 
methods  (based  on  Bohm  trees)  have  been  used 
to  prove  such  results  for  the  untyped  lambda  cal¬ 
culus,  cf.  [1],  and  we  expect  such  methods  are 
also  applicable  in  our  case. 
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